13 matches found
Mageia: Security Advisory (MGASA-2021-0086)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated mediawiki packages fix security vulnerability
In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colu...
Security fix for the ALT Linux 9 package mediawiki version 1.35.1-alt1
1.35.1-alt1 built Dec. 30, 2020 Vitaly Lipatov in task 263837 Dec. 23, 2020 Vitaly Lipatov - new version 1.35.1 with rpmrb script - T268894, CVE-2020-35474, T268917, CVE-2020-35475 - T268938, CVE-2020-35478, CVE-2020-35479 - T205908, CVE-2020-35477, T120883, CVE-2020-35480...
Fedora 33 : mediawiki (2020-0be2d40e13)
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December /000268.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
[SECURITY] [DLA 2504-1] mediawiki security update
Debian LTS Advisory DLA-2504-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 22, 2020 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.27.7-1deb9u7 CVE ID : CVE-2020-15005 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480 Multiple security...
Debian: Security Advisory (DLA-2504-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2504-1 : mediawiki security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work. CVE-2020-15005 Private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
Debian DSA-4816-1 : mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 4816-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4816-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2020 https://www.debian.org/security/faq -...
CVE-2020-35480
An issue was discovered in MediaWiki before 1.35.1. Missing users accounts that don't exist and hidden users accounts that have been explicitly hidden due to being abusive, or similar that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to...
CVE-2020-35480
MediaWiki before 1.35.1 is affected by CVE-2020-35480: missing and hidden users that are not visible to the viewer cause information disclosure, exposing sensitive data about the hidden status across multiple code paths. The advisory chain indicates this is fixed upstream in 1.35.1; upgrade to 1....